DSA-2021-243: Dell PowerScale OneFS Contains Security Update for Multiple Vulnerabilities.
概要: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
High
詳細
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3712 | https://nvd.nist.gov/vuln/detail/CVE-2021-3712 |
| Intel Platform | Multiple CVEs | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html |
| cURL | Multiple CVEs | https://curl.se/docs/vuln-7.78.0.html |
| Python | CVE-2021-23336 | https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36350 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication. | 5.9 | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Third-party Component | CVEs | More information |
| OpenSSL | CVE-2021-3712 | https://nvd.nist.gov/vuln/detail/CVE-2021-3712 |
| Intel Platform | Multiple CVEs | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00463.html |
| cURL | Multiple CVEs | https://curl.se/docs/vuln-7.78.0.html |
| Python | CVE-2021-23336 | https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
影響を受ける製品と修復
| CVEs Addressed |
|
Updated Versions | Link to Update | |
| CVE-2021-3712 (OpenSSL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
|
| 9.3.0.x | Available from December (or later) RUP | |||
| 9.1.0.x, 9 and2.1.x | Download and install the latest RUP | |||
| Multiple CVEs (Intel) | All supported OneFS versions | Download and install the latest NFP for your node types | ||
| Multiple CVEs (cURL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |||
| CVE-2021-23336 (Python) | 8.2.1.x, 9.0.0.x, 9.1.1.x, 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |||
| CVE-2021-36350 (PowerScale OneFS) | 8.2.1.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP |
| CVEs Addressed |
|
Updated Versions | Link to Update | |
| CVE-2021-3712 (OpenSSL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | PowerScale OneFS Downloads Area |
|
| 9.3.0.x | Available from December (or later) RUP | |||
| 9.1.0.x, 9 and2.1.x | Download and install the latest RUP | |||
| Multiple CVEs (Intel) | All supported OneFS versions | Download and install the latest NFP for your node types | ||
| Multiple CVEs (cURL) | 8.2.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 9.1.0.x and 9.2.1.x | Download and install the latest RUP | |||
| CVE-2021-23336 (Python) | 8.2.1.x, 9.0.0.x, 9.1.1.x, 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 8.2.x, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP | |||
| CVE-2021-36350 (PowerScale OneFS) | 8.2.1.x, 9.0.0.x, 9.1.1.x, and 9.2.0.x | Upgrade your version of OneFS | ||
| 9.3.0.x | Download and install December (or later) RUP | |||
| 8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP |
回避策と緩和策
| CVEs Addressed | Workarounds or Mitigations |
| CVE-2021-3712 (OpenSSL) | Avoid granting the ISI_PRIV_AUTH_SSH RBAC role to non-administrators. |
| Multiple CVEs (Intel) | None |
| Multiple CVEs (cURL) | None |
| CVE-2021-23336 (Python) | None |
| CVE-2021-36350 (PowerScale OneFS) | Avoid configuring DUO for groups with spaces in their name, until you have patched your OneFS installation. |
変更履歴
| Revision | Date | Description |
| 1.0 | 2021-12-06 | Initial Release |
関連情報
法的免責事項
対象製品
PowerScale OneFS, Product Security Information文書のプロパティ
文書番号: 000194157
文書の種類: Dell Security Advisory
最終更新: 15 2月 2022
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。